Title: [286971] trunk/Source
- Revision
- 286971
- Author
- cdu...@apple.com
- Date
- 2021-12-13 12:29:59 -0800 (Mon, 13 Dec 2021)
Log Message
Regression(r283565) Unable to report private messages as Spam in Twitter app
https://bugs.webkit.org/show_bug.cgi?id=234253
<rdar://86043227>
Reviewed by Alex Christensen.
Source/WebCore:
Add macro for new linkedOnOrAfter check for sending the Authorization header
on same origin redirects.
* platform/cocoa/VersionChecks.h:
Source/WebKit:
In r283565, we aligned WebKit's behavior with the Fetch specification and with
Gecko / Blink by keeping the Authorization header on same origin redirects.
However, when reporting a private message in the twitter app, it does a
same-origin redirect from `https://twitter.com/account/authenticate_web_view?...`
to `https://twitter.com/account/authenticate_web_view?...` and the HTTP server
reponds with a 401/Unauthorized when we send the Authorization on the post-redirect
request. As far as I can tell, our behavior is correct here and I suspect this is an
issue with the twitter server. As a result, I am simply gating the new behavior
behind a linked-on-or-after check to give twitter a chance to address the issue on
their end.
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
Source/WTF:
Add some new iOS / macOS versions.
* wtf/spi/darwin/dyldSPI.h:
Modified Paths
Diff
Modified: trunk/Source/WTF/ChangeLog (286970 => 286971)
--- trunk/Source/WTF/ChangeLog 2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WTF/ChangeLog 2021-12-13 20:29:59 UTC (rev 286971)
@@ -1,3 +1,15 @@
+2021-12-13 Chris Dumez <cdu...@apple.com>
+
+ Regression(r283565) Unable to report private messages as Spam in Twitter app
+ https://bugs.webkit.org/show_bug.cgi?id=234253
+ <rdar://86043227>
+
+ Reviewed by Alex Christensen.
+
+ Add some new iOS / macOS versions.
+
+ * wtf/spi/darwin/dyldSPI.h:
+
2021-12-13 Elliott Williams <e...@apple.com>
Deployment target for macOS 11+ does not follow minor version bumps
Modified: trunk/Source/WTF/wtf/spi/darwin/dyldSPI.h (286970 => 286971)
--- trunk/Source/WTF/wtf/spi/darwin/dyldSPI.h 2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WTF/wtf/spi/darwin/dyldSPI.h 2021-12-13 20:29:59 UTC (rev 286971)
@@ -133,6 +133,7 @@
#define DYLD_IOS_VERSION_14_2 0x000E0200
#define DYLD_IOS_VERSION_14_5 0x000E0500
#define DYLD_IOS_VERSION_15_0 0x000f0000
+#define DYLD_IOS_VERSION_15_4 0x000f0400
#define DYLD_IOS_VERSION_16_0 0x00100000
#define DYLD_MACOSX_VERSION_10_11 0x000A0B00
@@ -145,6 +146,7 @@
#define DYLD_MACOSX_VERSION_10_16 0x000A1000
#define DYLD_MACOSX_VERSION_11_3 0x000B0300
#define DYLD_MACOSX_VERSION_12_00 0x000c0000
+#define DYLD_MACOSX_VERSION_12_3 0x000c0300
#define DYLD_MACOSX_VERSION_13_0 0x000d0000
#endif
Modified: trunk/Source/WebCore/ChangeLog (286970 => 286971)
--- trunk/Source/WebCore/ChangeLog 2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WebCore/ChangeLog 2021-12-13 20:29:59 UTC (rev 286971)
@@ -1,3 +1,16 @@
+2021-12-13 Chris Dumez <cdu...@apple.com>
+
+ Regression(r283565) Unable to report private messages as Spam in Twitter app
+ https://bugs.webkit.org/show_bug.cgi?id=234253
+ <rdar://86043227>
+
+ Reviewed by Alex Christensen.
+
+ Add macro for new linkedOnOrAfter check for sending the Authorization header
+ on same origin redirects.
+
+ * platform/cocoa/VersionChecks.h:
+
2021-12-13 Youenn Fablet <you...@apple.com>
FetchResponse::clone should use the relevant realm for the cloned response
Modified: trunk/Source/WebCore/platform/cocoa/VersionChecks.h (286970 => 286971)
--- trunk/Source/WebCore/platform/cocoa/VersionChecks.h 2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WebCore/platform/cocoa/VersionChecks.h 2021-12-13 20:29:59 UTC (rev 286971)
@@ -72,6 +72,7 @@
FirstWithDOMWindowReuseRestriction = DYLD_IOS_VERSION_15_0,
FirstWithApplicationCacheDisabledByDefault = DYLD_IOS_VERSION_15_0,
FirstWithoutExpandoIndexedPropertiesOnWindow = DYLD_IOS_VERSION_15_0,
+ FirstWithAuthorizationHeaderOnSameOriginRedirects = DYLD_IOS_VERSION_15_4,
FirstForbiddingDotPrefixedFonts = DYLD_IOS_VERSION_16_0,
#elif PLATFORM(MAC)
FirstThatConvertsInvalidURLsToBlank = DYLD_MACOSX_VERSION_10_12,
@@ -99,6 +100,7 @@
FirstThatAllowsWheelEventGesturesToBecomeNonBlocking = DYLD_MACOSX_VERSION_11_3,
FirstWithApplicationCacheDisabledByDefault = DYLD_MACOSX_VERSION_12_00,
FirstWithoutExpandoIndexedPropertiesOnWindow = DYLD_MACOSX_VERSION_12_00,
+ FirstWithAuthorizationHeaderOnSameOriginRedirects = DYLD_MACOSX_VERSION_12_3,
FirstForbiddingDotPrefixedFonts = DYLD_MACOSX_VERSION_13_0,
#endif
};
Modified: trunk/Source/WebKit/ChangeLog (286970 => 286971)
--- trunk/Source/WebKit/ChangeLog 2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WebKit/ChangeLog 2021-12-13 20:29:59 UTC (rev 286971)
@@ -1,3 +1,26 @@
+2021-12-13 Chris Dumez <cdu...@apple.com>
+
+ Regression(r283565) Unable to report private messages as Spam in Twitter app
+ https://bugs.webkit.org/show_bug.cgi?id=234253
+ <rdar://86043227>
+
+ Reviewed by Alex Christensen.
+
+ In r283565, we aligned WebKit's behavior with the Fetch specification and with
+ Gecko / Blink by keeping the Authorization header on same origin redirects.
+
+ However, when reporting a private message in the twitter app, it does a
+ same-origin redirect from `https://twitter.com/account/authenticate_web_view?...`
+ to `https://twitter.com/account/authenticate_web_view?...` and the HTTP server
+ reponds with a 401/Unauthorized when we send the Authorization on the post-redirect
+ request. As far as I can tell, our behavior is correct here and I suspect this is an
+ issue with the twitter server. As a result, I am simply gating the new behavior
+ behind a linked-on-or-after check to give twitter a chance to address the issue on
+ their end.
+
+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+ (WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
+
2021-12-13 Youenn Fablet <you...@apple.com>
REGRESSION (r286841): [ iOS ] Many webrtc tests flaky failing on iOS
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (286970 => 286971)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2021-12-13 20:28:00 UTC (rev 286970)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2021-12-13 20:29:59 UTC (rev 286971)
@@ -41,6 +41,7 @@
#import <WebCore/RegistrableDomain.h>
#import <WebCore/ResourceRequest.h>
#import <WebCore/TimingAllowOrigin.h>
+#import <WebCore/VersionChecks.h>
#import <pal/spi/cf/CFNetworkSPI.h>
#import <wtf/BlockPtr.h>
#import <wtf/FileSystem.h>
@@ -495,7 +496,7 @@
request.clearHTTPOrigin();
} else {
- if (auto authorization = m_firstRequest.httpHeaderField(WebCore::HTTPHeaderName::Authorization); !authorization.isNull())
+ if (auto authorization = m_firstRequest.httpHeaderField(WebCore::HTTPHeaderName::Authorization); !authorization.isNull() && linkedOnOrAfter(WebCore::SDKVersion::FirstWithAuthorizationHeaderOnSameOriginRedirects))
request.setHTTPHeaderField(WebCore::HTTPHeaderName::Authorization, authorization);
#if USE(CREDENTIAL_STORAGE_WITH_NETWORK_SESSION)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes